The remote Ubuntu host is missing one or more security-related
patches.

Description :

Oleg Nesterov discovered a local Denial of Service vulnerability in
the timer handling. When a non group-leader thread called exec() to
execute a different program while an itimer was pending, the timer
expiry would signal the old group leader task, which did not exist any
more. This caused a kernel panic. This vulnerability only affects
Ubuntu 5.04. (CAN-2005-1913)

Al Viro discovered that the sendmsg() function did not sufficiently
validate its input data. By calling sendmsg() and at the same time
modifying the passed message in another thread, he could exploit this
to execute arbitrary commands with kernel privileges. This only
affects the amd64 bit platform. (CAN-2005-2490)

Al Viro discovered a vulnerability in the raw_sendmsg() function. By
calling this function with specially crafted arguments, a local
attacker could either read kernel memory contents (leading to
information disclosure) or manipulate the hardware state by reading
certain IO ports. This vulnerability only affects Ubuntu 5.04.
(CAN-2005-2492)

Jan Blunck discovered a Denial of Service vulnerability in the procfs
interface of the SCSI driver. By repeatedly reading
/proc/scsi/sg/devices, a local attacker could eventually exhaust
kernel memory. (CAN-2005-2800)

A flaw was discovered in the handling of extended attributes on ext2
and ext3 file systems. Under certain condidions, this could prevent
the enforcement of Access Control Lists, which eventually could lead
to information disclosure, unauthorized program execution, or
unauthorized data modification. This does not affect the standard Unix
permissions. (CAN-2005-2801)

Chad Walstrom discovered a Denial of Service in the ipt_recent module,
which can be used in netfilter (Firewall configuration). A remote
attacker could exploit this to crash the kernel by sending certain
packets (such as an SSH brute-force attack) to a host which uses the
'recent' module. (CAN-2005-2802).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Contact

The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.